For pentests, an asset is a software component of value, such as a web application or API. Once you’ve created an asset, you can launch pentests for it.
Create an Asset
Best practices for creating an asset:
Describe your asset as clearly as possible.
Add a product walk-through and asset documentation using the provided templates.
Keep your assets up to date.
Start creating or editing your asset before creating a pentest. You can reuse the asset for future pentests.
Once you’ve defined an asset, you can launch pentests for it. You don’t need to create this asset again for each new pentest. When needed, update the asset description, and attach new documents.
Access and Permissions
Only Organization Owners and Members can create an asset.
Pentest Team Members don’t have access to the Assets page.
They can view and edit assets that are linked to pentests they collaborate on.
They may not be allowed to add attachments to an asset. An Organization Owner or Member of their company or a Cobalt Customer Success Manager can assist in this case.
No, you can only launch a pentest for a single asset.
If your asset has multiple methodologies, such as Web + API, you can choose a combined methodology. If the combination is not available, such as for Mobile + External Network, do the following:
Select one of the available asset types.
Let your Customer Success Manager (CSM) know so that we can select pentesters with the appropriate expertise.
I want to test two scopes. How many assets should I set up?
You can only launch a pentest for a single asset. Let’s rephrase this question: how many pentests should you launch for two scopes?
For assets of multiple types, you may want to launch one or more pentests, depending on the characteristics of your software.
For example, if your asset combines a web application and a mobile application, you may want us to test them together, in one pentest, if:
The two applications share some of the same code and functionalities.